citadel

My dotfiles, scripts and nix configs
git clone git://jb55.com/citadel
Log | Files | Refs | README | LICENSE

commit 0ab316863b56c3cd62e17d0ec2467aab9c19a84e
parent 8c22fcde19909594ea5f3243de9f96b788f10527
Author: William Casarin <jb55@jb55.com>
Date:   Tue,  2 Mar 2021 15:55:31 -0800

BACKPORT: misc

Signed-off-by: William Casarin <jb55@jb55.com>

Diffstat:
Mnix-config/machines/charon/networking/default.nix | 37-------------------------------------
1 file changed, 0 insertions(+), 37 deletions(-)

diff --git a/nix-config/machines/charon/networking/default.nix b/nix-config/machines/charon/networking/default.nix @@ -6,14 +6,12 @@ let ports = { git = 9418; gemini = 1965; - wireguard = 51820; }; in { services.openssh.gatewayPorts = "yes"; networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git gemini ]; - networking.firewall.allowedUDPPorts = with ports; [ wireguard ]; networking.domain = "jb55.com"; networking.search = [ "jb55.com" ]; @@ -21,39 +19,4 @@ in 127.0.0.1 jb55.com ::1 jb55.com ''; - - - networking.wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface arbitrarily. - wg0 = { - # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "10.100.0.7/28" ]; - - listenPort = ports.wireguard; - - # Path to the private key file. - # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - privateKeyFile = "/home/jb55/.wg/private"; - - peers = [ - # For a client configuration, one peer entry for the server will suffice. - { publicKey = "TbGgpOqD6teLon0ksZKS8zvvjHtkOGKNWPpHZxhVFWA="; - allowedIPs = [ "10.100.0.1/32" ]; - endpoint = "24.84.152.187:51820"; - } - { publicKey = "wcoun9+1GX4awQF2Yd0WbsQ6RKHE9SsOsYv3qR7mbB0="; # quiver - allowedIPs = [ "10.100.0.2/32" ]; - } - { publicKey = "vIh3IQgP92OhHaC9XBiJVDLlrs3GVcR6hlXaapjTiA0="; # phone - allowedIPs = [ "10.100.0.3/32" ]; - } - { publicKey = "Dp8Df75X8Kh9gd33e+CWyyhOvT4mT0X9ToPwBUEBU1k="; # mac - allowedIPs = [ "10.100.0.4/32" ]; - } - ]; - }; - }; }